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(54) REPEATING INSTALLATION 




(57)Abstract: 

PROBLEM TO BE SOLVED: To minimize a 
log-in frequency from a reapeating installation 
to a database when accessed from a terminal 
using a communication system of no connection 
control to the database connection-controlled via 
the repeating installation. 
SOLUTION: When log-in requirement is input 
from the terminal to the repeating installation, 
a pair of a session ID imparted in every session, 
and a DB access means obtained after the 
installation conducts log-in to the database, and 
including execution information for a program 
of the installation is stored in a session 
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information storage means to correspond each other. By this manner, when requirement 
including the session ID is input from the terminal, the DB access means corresponding 
to the session ID is directly obtained from the session information storage means, so as 
to allow the access to the database(DB) without executing the log-in from the repeating 
installation to the DB again. 



CLAIMS 



[Claim(s)] 

[Claim l] A network and the terminal which is connected to said network and outputs a 
log in demand, It connects with the repeating installation which is connected to said 
network and receives said log in demand, and said repeating installation, and has the 
database which can store and refer to data. To said repeating installation The log in 
means which logs in to a database by said log in demand, The repeating-installation 
control means which generates the session ID which makes a session the condition that 
imagination connection is maintained between said terminals and repeating 
installation to said log in demand, and identifies said session, Repeating installation 
characterized by having a DB access means to maintain connection of a between [ said 
repeating installation and said databases ], and said session ID and a session 
information storing means to store the session information containing the group of said 
DB access means to correspond after logging in. 

[Claim 2] The repeating installation according to claim 1 carry out having had the 
terminal means of communications which inputs said log in demand whose 
repeating-installation control means of said contains a login ID, a log in means will 
generate said DB access means if the log in which used said login ID for the database by 
the inputted log in demand is performed and a log in is successful, and a session 
information-management means store said DB access means in said session 
information storing means while generating said session ID as the description. 
[Claim 3] Repeating installation according to claim 1 characterized by outputting the 
response in which said session information management means contains said session 
ID to said log in demand to said terminal. 

[Claim 4] Repeating installation according to claim 1 characterized by said networks 
being IP networks, such as the Internet. 

[Claim 5] Repeating installation according to claim 1 characterized by said terminal 
being the portable telephone and mobile terminal which can communicate to said 
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network. 

[Claim 6] Repeating installation according to claim 1 characterized by being the object 
from which said DB access means serves as an identifier which shows connection 
between said databases and said repeating installation including the operating state 
information on the repeating installation generated after logging in to said database in 
case a demand in said database is performed. 

[Claim 7] A network and the terminal which is connected to said network and outputs a 
log in demand, It connects with said network, and it connects with the repeating 
installation which receives said log in demand, and said repeating installation, and has 
the database which can store and refer to data. To said repeating installation The 
terminal means of communications which performs the communication link with said 
terminal, and the condition that imagination connection is maintained between said 
terminals and repeating installation to said log in demand are made into a session. A 
session information storing means to store the session information which is the 
information about said session, It is started at the time of a demand of said terminal or 
initiation of said session, and processing to a demand of said terminal is performed. 
Even when it has a WWW demand processing means to disappear after said processing 
is completed and said WWW demand processing means ends processing Repeating 
installation which can save a DB access means to maintain connection of a between 
[ said repeating installation and said databases ] when said session information 
management means evacuates said DB access means to a session information storing 
means. 

[Claim 8] A log in means by which said WWW demand processing means logs in to a 
database by said log in demand, Connection of a between [ said repeating installation 
and said databases ] is maintained after a log in. A DB access means to disappear while 
becoming the identifier which shows connection at the time of the demand processing to 
said database including the operating state information on repeating installation and 
extinguishing said WWW demand processing means, Repeating installation according 
to claim 7 characterized by having a session information management means to store 
said DB access means in said session information storing means while generating said 
session ID. 

[Claim 9] The terminal means of communications which inputs said log in demand 
containing a login ID, and a WWW demand processing means starting means to start 
said WWW demand processing means by the inputted log in demand, A log in means to 
generate said DB access means if the log in which used said login ID for the database is 
performed and a log in is successful, Repeating installation according to claim 7 
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characterized by having a session information management means to store said DB 
access means in said session information storing means while generating said session 
ID. 

[Claim 10] The terminal which outputs the processing demand containing said session 
ID to said repeating installation through said network, The terminal means of 
communications which said processing demand inputs, and a session information 
management means to acquire said DB access means corresponding to said session ID 
from said session information storing means, A DB demand implementation means to 
give the demand to said database according to said processing demand to DB processing 
demand, and to perform said DB processing demand using said DB access means, DB 
means of communications which performs the communication link with said database, 
and a terminal response generation means to carry out based on the response to said 
DB processing demand of said database, and to generate the response to said terminal, 
Claim 1 charactei-ized by having the terminal means of communications which outputs 
the response to said terminal thru/or repeating installation given in seven. 
[Claim 11] Repeating installation according to claim 1 characterized by said session 
information containing said login ID. 

[Claim 12] The repeating installation according to claim 11 characterized by to perform 
processing corresponding to said processing demand when said login ID by which said 
session information-management means is included in said session information with 
reference to said session information corresponding to said session ID of said session 
information storing means is in agreement with said login ID contained in said 
processing demand, if said terminal outputs the processing demand containing said 
Session ID and said login ID to said repeating installation. 

[Claim 13] Repeating installation according to claim 11 characterized by performing the 
response to which an abnormality response or a log in is urged when said log in demand 
is inputted and said session information in which said session information management 
means contains the login ID which is in agreement with said login ID contained in said 
log in demand is in said session information storing means. 

[Claim 14] Repeating installation according to claim 2 characterized by said session 
information management means eliminating the data containing said session ID 
contained in said log out demand from said session information storing means if said 
terminal outputs the log out demand containing said session ID to said repeating 
installation via said network and said log out demand is inputted into said repeating 
installation. 

[Claim 15] The repeating installation according to claim 1 characterized by for said 
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timer means to be started if said timer means is set up and becomes the set-up time of 
day, and to be started the processing whicb deletes the session information on relevance 
from said session information storing means when said repeating installation is 
equipped with a timer means start the processing set as the set-up time of day and said 
time of day is stored in said session information. 

[Claim 16] Repeating installation according to claim 1 characterized by said session 
information containing time of day. 

[Claim 17] Repeating installation according to claim 16 characterized by storing current 
time in said time of day of said session information when said time of day is the time of 
day at the time of the log in of said terminal, said log in demand is inputted into said 
repeating installation and said session management means stores said session 
information in said session information storing means. 

[Claim 18] Repeating installation according to claim 16 characterized by updating by 
making into current time said time of day of said session information in which said time 
of day is the time of day which said terminal accessed at the end, and said session 
information management means has the same session ID as said processing demand 
when said processing demand is inputted into said repeating installation, or when the 
response to said processing demand is outputted. 

[Claim 19l Repeating installation according to claim 16 characterized by deleting said 
session information on relevance from said session information storing means when it 
agrees on the conditions with which said session information management means 
compared said time of day and current time of said session information periodically 
included in said session information storing means, and were beforehand decided to be. 
[Claim 20] Repeating installation according to claim 16 characterized by deleting said 
session information on relevance from said session information storing means when 
said processing demand or said log in demand is inputted into said repeating 
installation and it agrees on the conditions with which said session information 
management means compared said time of day and current time of said session 
information included in said session information storing means, and were beforehand 
decided to be. 

[Claim 21] It is the repeating installation according to claim 20 characterized by 
outputting the response to which an abnormality response or a log in is urged to said 
terminal when said session information management means compares said time of day 
with the time of day corresponding to said session ID of said demand stored in said 
session information storing means and it is not in agreement. 

[Claim 22] Repeating installation according to claim 1 characterized by said log in 
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demand, said processing demand, or said session information containing the client 
identifier which specifies a terminal. 

[Claim 23] The repeating installation according to claim 22 carry out that generate the 
log in response in which a terminal response generation means contains the session ID 
contained in said session information, and terminal means of communications outputs 
said log in response to a terminal when said session information to which said the log in 
demand of said session information corresponds with both the login ID which is 
inputted into said repeating installation and contained in said log in demand, and a 
client identifier including a login ID is included in said session information storing 
means as the description. 

[Claim 24] Said log in demand is inputted into said repeating installation for said 
session information including a login ID. When said session information from which the 
login ID contained in said log in demand is in agreement with, and a client identifier 
differs is included in said session information storing means, The 2nd session 
information that said session information management means contains the 2nd session 
ID and said 2nd session ID is generated. It is the repeating installation according to 
claim 22 characterized by storing in said 2nd session information said client identifier 
contained in said log in demand, and reproducing the thing of said session information 
about the remaining information on said 2nd session information. 

[Claim 25] Repeating installation according to claim 24 characterized by for a terminal 
response generation means generating the response which shows abnormalities, and 
terminal means of communications outputting said response to a terminal when said 
session information from which said processing demand is inputted into said repeating 
installation, the session ID contained in said processing demand is in agreement with, 
and a client identifier differs is included in said session information storing means. 
[Claim 26] Repeating installation according to claim 1 which makes a demand identifier 
the identifier which identifies a demand uniquely in said session, and is characterized 
by including said demand identifier in said session information. 

[Claim 27] It is the repeating installation according to claim 22 characterized by said 
session information management means accessing said database when said terminal 
inputs into said repeating installation the processing demand in which said Session ID 
and said demand identifier were stored and said session information which is in 
agreement with said session ID contained in said processing demand and said demand 
identifier is stored in said session information storing means. 

[Claim 28] It is the repeating installation according to claim 26 characterized hy for a 
terminal response generation means generating the response to which the response or 
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log in which shows abnormalities is urged, and terminal means of communications 
outputting said response to a terminal when said session information which is in 
agreement with said session ID contained in said processing demand and said demand 
identifier is stored in said session information storing means. 

[Claim 29] While making into a whole demand identifier the identifier which identifies 
the demand to said repeating installation, and said session information management 
means' generating said whole demand identifier and storing in said session information 
Repeating installation according to claim 1 characterized by storing said session 
information in said session information storing means, for said terminal response 
generation means generating the processing response which is a response to the 
processing demand of said terminal which stored said whole demand identifier, and said 
terminal means of communications outputting said processing response. 
[Claim 30] When said terminal inputs into said repeating installation said processing 
demand which made said demand identifier in [ whole / said ] a processing response the 
1st demand identifier of the whole, and stored the 1st demand identifier of the whole, 
When said session information corresponding to said whole demand identifier is stored 
in said session information management means, Repeating installation according to 
claim 29 characterized by said session information management means accessing said 
database using said DB access means within said session information. 
[Claim 31] It is the repeating installation according to claim 30 characterized by a 
terminal response generation means outputting the response to which an abnormality 
response or a log in is urged to said terminal when said session information 
corresponding to said whole demand identifier is not stored in said session information 
management means. 

[Claim 32] Claim 1 characterized by enciphering said session ID, a demand identifier, or 
a client identifier, and answering thru/or repeating installation according to claim 31. 



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention relates to the repeating installation which 
performs session management and increases the efficiency of access from a terminal, 
when performing access to the database which performs connection management from 
the terminal using the communication mode which does not consider connection 
management between servers as a terminal like WWW. 
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[0002] 

[Description of the Prior Art] Since the usual PC is made as for the WWW-DB 
cooperation system which makes it possible to access a database (DB) in the company 
via a network from a WWW (World Wide Web) browser to a terminal, it has so far been 
applied to electronic commerce etc. 

[0003] Since the cellular phone of WWW browser loading can also be used as a terminal 
of this system still like the portable telephone corresponding to an I mode of NTT 
DoCoMo recently, the need of a WWW'DB cooperation system is still higher. 
[0004] Usually, although HTTP (Hypertext Transfer Protocol) used by WWW is a 
communication mode from which connection is cut when logical connection is not made 
but a server returns a response to one demand between a terminal and a server, log in 
processing is performed in DB and it enables it to access from a log in before a log out 
only in the user who logged in by performing connection management. Therefore, in a 
WWW-DB cooperation system, since a log in in DB becomes an invalid when a terminal 
accesses once again even if a WWW terminal logs in to DB, if it remains as it is, it must 
log in again. Therefore, servers, such as a WWW server arranged between a terminal 
and DB, need to recognize and manage the logical connection between a terminal and a 
server (session). 

[0005] Such conventional WWW-DB cooperation system whole configuration is shown in 
drawing 28. 

[0006] In drawing 28, 2701 is a terminal which carries a WWW browser and transmits a 
demand of a user. 

[0007] PDA (Personal Digital Assistant) and the cellular phone which carried PC and 
the WWW browser as a terminal can be used. 2702 is a network. When 2703 will access 
a database according to the demand if a demand of a terminal is inputted from a 
network, and information is acquired, it is repeating installation which returns the 
response which contained data to the terminal. The WWW server currently developed 
by an Apache project, U.S. Netscape, and U.S. Microsoft as repeating installation can be 
assumed. 2704 is DB which has stored the data of the object which a terminal acquires. 
Moreover, the internal configuration of repeating installation 2703 is shown in drawing 
28. 

[0008] In drawing 29, 2801 is terminal means of communications which performs the 
communication link with a terminal. 2802 is a session information management means 
to manage the session information which is the information which shows to which 
session the demand belongs. The information inputted from terminals, such as a session 
number, user ID, and a password, is stored in session information. 2803 is a log in 
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means to perform the log in to DB. 2804 is a session information storing means to store 
session information. 2805 is a terminal response generation means to generate the 
response to a terminal based on the information acquired from DB. 2806 is a DB 
demand implementation means to generate the demand to DB and to extract the data of 
DB from a response. 2807 is DB means of communications which performs the 
communication link with DB. 

[0009] First, the detail of the log in processing in a system is explained conventionally. 

[0010] A terminal 2701 outputs a log in demand to a network 2702 first. 

[00 11] Information required for log ins, such as a login ID and a password, is included in 

a log in demand. In this case, a login ID is set to aaaaa and a password is set to abcde. 

[0012] Subsequently, a log in demand is inputted into repeating installation 2703 from a 

network. The following processings are performed in the repeating-installation 2703 

interior. 

[0013] First, a log in demand is inputted into the terminal means of communications 
2801. 

[0014] Next, since an input request is a log in demand, the session information 
management means 2802 starts the processing which stores data in the session 
information storing means 2804. The session information management means 2802 is 
made to log in to DB2704 here using the login ID and password which are first 
contained in a log in demand, and the log in means 2803. The log in means 2803 creates 
the log in demand to DB from the data of the session information management means 
2802, and is accessed to DB2704 using the DB means of communications 2807. If 
DB2704 returns the response of the purport that the log in was successful to the log in 
demand, a result will return to the session information management means 2802 
through the log in means 2803. In this case, since the log in was successful, if a response 
is received, the session information management means 2802 generates Session ID, and 
stores groups, such as Session ID, a login name, and a password, in the session 
information storing means 2805. In this case, the generated session ID is aaaaOOOO. 
[0015] The configuration of this session information storing means 2805 is shown in 
drawing 30. 

[0016] In drawing 30, the connection place which Session ID and 2902 become in 2901 
and a password and 2904 become from an IP address, a machine name, etc. in a login ID 
and 2903 is shown. 

[0017] In drawing 30, sessions IDaaaaOOOO, bbbbllll, and cccc2222 are assigned to 
Users aaaaa, bbbbb, and ccccc, respectively, and the corresponding password and the 
connection place are stored. Each user logs in, and these data are stored after Session 
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ID is assigned. 

[0018] Then, if the data acquisition demand whose terminal requires the data of DB is 
included in the log in demand, DB demand implementation means 2806 will output a 
data acquisition demand to DB2704. If DB2704 returns the response containing the 
data demanded according to this data acquisition demand, DB demand implementation 
means 2806 will receive that data by DB means-of-communications 2807 course. After 
receiving data, the terminal response generation means 2805 is used based on the data 
and Session ID, the response to a terminal is generated, and this is outputted to a 
terminal 2701 through 2801. In the case of WWW, there are three, the approach using 
Cookie as an approach of including Session ID in the response to a terminal, the 
approach of embedding Session ID to the link in the page of a response, and the 
approach of hiding in the page of a response, making form and embedding at attribute 
value. 

[0019] Cookie is status information which is described by RFC2109 of IETF (Internet 
Engineering Task Force) issue, uses HTTP, is carried out between a WWW server and a 
WWW terminal, and is recorded on a WWW terminal. Cookie is saved on a terminal by 
assignment of the header of HTTP, and when a WWW terminal stores Cookie in the 
HTTP header of the demand to a WWW server and sends it to a WWW server, it enables 
a WWW server to acquire a condition from Cookie in the demand. 
[0020] The page of a response is expressed as a terminal 2701 after a log in. When the 
user of a terminal 2701 gives the 2nd data acquisition demand to this degree, a terminal 
2701 stores the session ID aaaaOOOO embedded by the response at the 2nd data 
acquisition demand, and outputs it to a network 2702. 

[0021] To this 2nd data acquisition demand, within repeating installation 2703, since 
the class of input request is a data acquisition demand, the session information 
management means 2802 performs inquiry processing of the session ID of the 2nd data 
acquisition demand. In this case, since aaaaOOOO is already stored in the session 
information storing means 2804, three, a corresponding user name and a corresponding 
password, and a connection place, are acquirable. Next, it accesses to DB using the 
connection which the DB means of communications 2707 holds using such information, 
and data are acquired. As this approach, if possible, connection of DB means of 
communications will be acquired from the data of connection place information, and 
there are an approach of logging in again here and the approach of connecting with DB 
directly. Next, the response page to the 2nd data acquisition demand is generated from 
this data and Session ID, and it outputs to a terminal. 

[0022] Although ID and the password for a log in needed to be sent to repeating 
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installation from the terminal by the 1st demand by using the above session 
management methods, 2nd henceforth can acquire the data of DB from a terminal, if a 
session number is sent. 

[0023] It is indicated by JP,11-41284,A, JP,1M49449,A, JP,2000-106552,A, etc. as a 

technique of such a session management method. 

[0024] 

[Problem(s) to be Solved by the Invention] In JP,11-41284,A ) User Information and 
connection place information on a client are stored in the session information storing 
means in repeating installation, and while attesting User Information DB only by the 
user name at the time of next access, a session is managed. When there is only 
connection of one between repeating installation and a server and it exchanges two or 
more users' data in it since only one session's being manageable for every user about 
this approach and connection place information are what shows only DB of a connection 
place for example, they have the problem which cannot manage connection with DB. 
[0025] Moreover, in JP,11-149449,A, in the interior of repeating installation, a session 
information management means etc. starts the thread which performs internal 
processing of repeating installation for every session, a thread number is acquired from 
the conversion table of a session number and a thread number, data, such as a user 
name, are picked out from the resource table which a thread holds from a thread 
number further, and it accesses to DB using this. In this case, since data, such as a user 
name, can be referred to only from the interior of a thread, a thread starts for every 
demand, and after the processing to a demand is completed, when a thread disappears, 
data will also be canceled at the time of disappearance of a thread. Therefore, 
management of a session cannot be performed if this approach is used. Moreover, 
although the function to start a thread for every session is needed for repeating 
installation, when making application using API of a WWW server and such a function 
is not prepared for API, this approach cannot be applied as if the developer itself does 
not mount this function. 

[0026] Moreover, in JP,2000-106552,A, after it sends from a terminal the information 
document and session identifier which identify a user and repeating installation logs in 
to DB based on it at the time of a log in in repeating installation, the User Information 
document and a session identifier are saved. In this case, since the device which has a 
session number by the terminal side being the need in order that a terminal's may send 
session information with a log in, and a session number need to be given to a meaning to 
a system-wide terminal, when two or more terminals exist, the . device in which it is 
made for a session number not to overlap is needed. 
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[0027] In such a WWW-DB cooperation system, when a terminal sends the information 
for session managements, the session ID assigned between terminals laps, and the user 
of the terminal which is using the overlapping session ID is different, fault may occur. 
[0028] Moreover, since it corresponds to the WWW browser which cannot use Cookie, 
when Session ID is embedded in URL or a hiding parameter, a link is extracted from the 
source of URL or a WWW page, and there is the so-called spoofing problem which can 
access the information on DB forbidden also except a formal user by accessing the URL 
from other terminals. Since Cookie cannot be especially used in a November, 2000 
current and an I mode terminal, it is easy to generate this problem. 
[0029] Moreover, although the count of a log in from the terminal in one session is 
carried out at once by the above-mentioned method, since the login ID and password 
which are data from a terminal are saved as it is, when the descriptor of the session of 
repeating installation and DB is required, whenever it accesses in order to acquire the 
descriptor, it must log in to DB, and the problem which makes the load of DB high is in 
access after a log in. 

[0030] Moreover, in a WWW-DB cooperation system, according to the template and 
script which were described according to the fixed regulation, a WWW server may 
access DB to the demand from a terminal, and it may be made the configuration which 
makes a WWW page generate dynamically from the result. Although processing of this 
script is performed by WWW demand processing means which a WWW server starts for 
every demand, such as a thread and a process, by the conventional method, only the 
information which specifies DB, and the information made to input from a terminal are 
saved for a session information storing means. Therefore, since this will be discarded 
with processing termination of a thread even if the variable for logging in by a certain 
thread and accessing DB is obtained, when the next demand was performed, the login 
ID etc. needed to be again acquired from the session information storing means, and it 
needed to log in again. For this reason, even when it belonged to the same session, it 
had to log in by a unit of 1 time for every demand, and the same problem as the 
above-mentioned case had arisen. 

[0031] In a system which a terminal accesses to DB through repeating installation 
using the protocol which does not manage a connection condition like WWW, the 
purpose of this invention is to offer the repeating installation which carries out the 
count of a log in to the database in a session only at once, and is easy to prevent spoofing 
other than a registered user, even when a thread starts for every demand. 
[0032] 

[Means for Solving the Problem] This invention makes connection between DB and 
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repeating installation, and is equipped with a session information storing means to 
store directly DB access means used when accessing to DB after logging in to DB. 
[0033] In case repeating installation processes the demand from the terminal belonging 
to a session by this, DB access means is acquired from a session information storing 
means, and it becomes possible to access DB, without logging in in the case of the 
demand of the 2nd henceforth, and the effectiveness which shortens the response time 
and mitigates the load of DB is acquired. 

[0034] It has a WWW demand processing means starting means to start the thread 
which disappears after this invention processes every demand or session to repeating 
installation and processing ends [ 2nd ] it, and a session information storing means to 
store session information out of a thread. 

[0035] Even if a thread is started for every session and every demand and DB access 
means inside a thread is discarded with thread abandonment by this, when performing 
processing to the next demand, it becomes possible to access to DB, without logging in 
by acquiring DB access means from a session information storing means, and the 
effectiveness which shortens the response time and mitigates the load of DB is acquired. 
[0036] The 3rd this invention is equipped with a session information management 
means to delete the same session information as the session ID of a log out demand 
from a session storing means when a log out demand is inputted into repeating 
installation at repeating installation. 

[0037] Thereby, the effectiveness which can reduce the storage capacity of a session 
information storing means is acquired. 

[0038] When there is session information which has the session ID which is in 
agreement with the thing in a log in demand when a log in demand is inputted as a 
session information storing means to store the session information which contains 
[ 4th ] a login ID, the error response of a double log in is outputted to a terminal. 
[0039] Thereby, while the storage capacity of a session information storing means is 
reducible, the effectiveness which prevents an inaccurate user accessing from other 
terminals during access is acquired. 

[0040] A session information storing means to store the session information which 
contains [ 5th ] log in time of day in repeating installation, The session information 
which made current time log in time of day when a log in demand was inputted as a 
timer means to start the processing set up when setting time of day came is stored in a 
session information storing means. If a session information management means to set a 
timer as time-out time of day is established and time-out time of day comes, a timer 
means will start the processing which deletes the session information on relevance from 
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a session information storing means. 

[0041] By reducing the storage capacity of a session information storing means, and 
restricting the accessible time amount in one session by this, the time amount at the 
time of unlawful access being performed to repeating installation is restricted, and the 
effectiveness which lessens damage is acquired. 

[0042] When discernment of repeating installation to a terminal is [ 6th ] possible, it has 
the identifier of a terminal, a session information storing means to store the information 
containing a login ID, and a session information management means by which log in 
processing is not performed to the user of the same login ID as compared with the client 
identifier of a log in demand at the time of a log in. 

[0043] Thereby, while shortening the response time to the log in by the terminal after 
the 2nd piece, the effectiveness which can reduce the number of connection between 
repeating installation and DB is acquired. 

[0044] It has a session information storing means make 7th correspond with a session 
ID by making into session information the demand identifier which is a character string 
for identifying the demand within a session to repeating installation, and store, and a 
session information management means make DB access corresponding to a processing 
demand in both a session ID and a demand identifier perform as compared with the 
time of outputting the processing demand whose terminal contains Session ID and a 
demand identifier only when both are the same. 

[0045] Even if a malicious user accesses unlawfully to repeating installation by this 
using the session ID which became an invalid, and a demand identifier by the 
processing demand of a time-out or consecutiveness, the effectiveness of becoming 
possible to prevent it is acquired. 
[0046] 

[Embodiment of the Invention] Hereafter, the gestalt of operation of this invention is 
explained using drawing 27 from drawing 1. 

[0047] In addition, this invention is not limited to the gestalt of these operations at all, 
and can be carried out in the mode which becomes various in the range which does not 
deviate from the summary. 

[0048] (Gestalt 1 of operation) The gestalt of operation of the 1st of this invention is 
explained hereafter. 

[0049] Drawing 1 shows the block block diagram of this invention, and 101 is the 
terminal which carries a WWW browser or can perform WAP access in drawing 1. If the 
browser besides a personal computer or a workstation is carried as a terminal, a 
portable telephone and a Personal Digital Assistant can also be used. 102 is a network 
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which, transmits data and repeating installation 103 is connected with the terminal 101 
in the network. A network may be a private network not only like a public network like 
the Internet, a public telephone network, a cellular-phone network, and an ISDN 
network but a dedicated line. 103 is repeating installation which is connected to a 
network 102 and DB104 and acquires data from DB according to a demand of a 
terminal 101. 104 is DB which is connected to repeating installation 103 and stores 
various data. 105 is a channel between repeating installation and DB. Anything may be 
used as long as it enables as a channel the communication link between computers, 
such as ATM besides [ which transmits IP (Internet Protocol) ] a network, a public 
telephone network, a Frame Relay, an extension network, and LAN. 106-110 show the 
configuration of repeating installation 103. 106 is a repeating-installation control 
means which opts for and performs reception and processing of as opposed to a demand 
for the demand from a terminal 101, and outputs a response to a terminal 101. 107 is a 
session information storing means to store the information about a session. 108 is a log 
in means to perform processing which logs in to DB. 109 is a DB access means to 
manage the connection condition (session) to DB. DB access means exists on a program 
as a variable (descriptor) which manages the user name which logged in, the IP address 
of a connection place, a port number, a connection condition, program execution 
information, etc. As an example of such data, the object of COM (Component 
ObjectModel), COKBA, and Java and the variable of LISP language are mentioned. 
Depending on the language and the environment of mounting, DB access means can 
have both data and function (method). A log in is performed, and if this DB access 
means will be in the condition that DB can be accessed from repeating installation, 
initialization will end it. 

[0050] The condition of connecting by this log in ending is maintained while DB access 
means is held. For example, when it mounts DB access means in DB access as a COM 
object in IIS (Internet InformationServer) of U.S. Microsoft at a WWW server using the 
device of ASP (Active Server Pages), after logging in to DB, the COM object for access is 
generated. If the connection between the repeating installation 103 generated by the log 
in in DB and DB104 is maintained and has a COM object while this COM object is held, 
it is possible to access to DB104, without logging in by using this. 

[0051] Moreover, connection between the repeating installation with which this DB 
access means expresses, and DB is also cut at the same time DB access means is 
canceled. Therefore, while DB access means is held, it is possible to perform access to 
DB from repeating installation, without logging in. Before logging in from repeating 
installation 103 to DB104, since it is not initialized, even if DB access means has other 
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data of a terminal, such as a login ID and a password, in repeating installation 103, it 
cannot perform DB access using DB access means 207. In this application, it is said that 
DB access means 207 cannot acquire this condition. 110 is DB means of communications 
which performs the communication link with DB. 

[0052] Drawing 2 shows the configuration of the repeating-installation control means 
106, and 201 is terminal means of communications which performs the communication 
link with a terminal. When repeating installation uses HTTP to a terminal, the 
terminal means of communications 201 manages transmission and reception of HTTP. 
202 is a session information management means to manage the information on a 
session. The terminal response generation means of 203 is changed into the format that 
terminals, such as HTML, can interpret the information inputted from DB. 
[0053] DB demand implementation means of 204 changes the data acquisition demand 
from a terminal into the demand on the session of DB shown with DB access means, and 
acquires data from DB using the DB means of communications 204. 
[0054] Drawing 3 is the sequence diagram showing actuation of the gestalt of this 
operation. 

[0055] Hereafter, even drawing 3 and proper drawing 4 - drawing 7 are used, and 
actuation of the gestalt of this operation is explained. In this case, Users bbbbb and 
ccccc shall log in to repeating installation 103 in advance. 

(l) If User aaaaa operates a log in at a terminal 101 to the log in demand 301 beginning, 
the log in demand 301 will be outputted to a network 102 to repeating installation. 
When using WWW, in advance, the WWW page for a log in in a user may be acquired, 
and, as for actuation of a log in, the application with which the approach of inputting to 
it usually operates on a terminal but may output the log in demand 301. 
[0056] The field configuration of this log in demand 301 is shown in drawing 4. 
[0057] In drawing 4, 401 is a demand parameter. Information, such as a class of the 
directions information which shows a log in, and informational reference, informational 
updating, and addition, or information to acquire from DB, enters here. In this case, the 
identifier which shows that it is a log in demand is contained in a demand parameter. In 
addition, the log in demand and the data acquisition demand may be included in 
coincidence. 402 is a login ID for identifying a user. 403 is a password. When the 
password is enciphered, it can guess easily that the gestalt of this operation operates 
also with a terminal 101 and repeating installation 103. When using WWW (HTTP), a 
log in demand can be described using URL. For example, when login.cgi and a login 
name are [ aaaaa and a password ] abcde(s) for the program to which the machine name 
of repeating installation 103 logs in by gateway, it is [External Character l]. 
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http: //gateway/login, cgi?LoginID=aaaaa&Password-abcde 

** -- a demand is described like. 

(2) If the log in demand 301 is inputted into repeating installation 103 from DB log in 

demand 302 network 102, processing of the following [ the interior of repeating 

installation 103 ] will be performed, and DB log in demand 302 will be outpntted. Like 

the log in demand 301, although a login ID and a password are included, since it 

changes with DB(s), the configuration of DB log in demand is omitted. 

[0058] Processing of repeating installation 103 is shown below using flow chart drawing 

5. 

(2-1) The log in demand 301 is inputted into the terminal means of communications 201 
within the repeating-installation control means 106. (501) With the demand parameter 
1201, when a demand is the log in demand 301 (502), the session information 
management means 202 starts log in processing (2-2). 

(2"3) The repeating-installation control means 106 determines DB of a connection place, 
and the log in means 108 generates DB log in demand 302 using a login ID and a 
password. (503) The DB means of communications 110 outputs DB log in demand 302 to 
DB104 (2-4). (504) DB means of communications waits for DB log in response 303 after 
that. (505) When access with the login ID and password in a (3) DB log in response 
303DB log in demand is permitted by DB104, DB104 returns DB log in response 303 
which shows O.K. to repeating installation 103. 

(4) If DB log in response 304 from DB104 returns, log in response 304 repeating 
installation 103 will perform processing of the following [ the interior ], and will output 
the log in response 304 to a network 102. Hereafter, the inside of a parenthesis shows 
the number of the flow chart of drawing 5. 

(4-1) DB log in response 304 is inputted into the DB means of communications 110. 
(505) With the log in means 108, when the result of DB log in response 304 is O.K. (506), 
information required for DB access is stored in DB access means, and it tells that it is 
O.K. to the session information management means 202 (4-2). (508) If it is an error, 
terminate abnormally (507). 

(4-3) Processing moves from here to the repeating-installation control means 106. 
Repeating-installation control means 106 When the result told by the log in means 108 
is O.K., the inner session information management means 202 generates Session ID, 
and stores the group of Session ID and DB access means 109 in the session information 
storing means 107. (508) The configuration of the session information storing means 
107 and the thing which showed additional processing are drawing 6. The table which 
consists of 601,602 is in the condition before an addition, the session by Users' bbbbb, 
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ccccc, and ddddd trinominal exists, and it is shown that the session ID of bbbbllll, 
cccc2222, and dddd3333 is given, respectively. Although the data in which a connection 
condition is shown were originally contained since DB access means was stored in login 
information, it was described as bbbbb for convenience here. The table which consists of 
603,604 shows the configuration of the session information storing means 107 after an 
addition. In drawing 6, 601 is the session ID which distinguishes the session of a 
terminal and DB. As a session ID, if it is a character on a computer, the thing of 
arbitration is usable, but to use WWW, it is necessary to be what can be transmitted by 
HTTP. 602 is login information which stores DB access means. 

[0059] Here, if User aaaaa logs in, the session information management means 202 will 
generate Session ID (aaaaOOOO) using a random number etc., will match it with a user's 
login ID, and will store in the session information storing means 107. This condition is 
shown by 603 and 604. 

(4-4) When the demand which is not carried out in the demand parameter 401 remains 
in the degree, perform each processings in a demand parameter, such as data 
acquisition, for the demand using DB demand implementation means. (509) The 
terminal response generation means 203 generates a response from the data of DB 
demand implementation means 204, and outputs the log in response 304 to a network 
102 using the terminal means of communications 201 (510). (4-5) At this time, the log in 
response 304 is outputted including Session ID (aaaaOOOO) like drawing 4. Behind, a 
terminal 101 is because a terminal 101 needs to store Session ID in a demand at this 
time in order to make the demand which stored Session ID output. 
[0060] When performing session management on WWW, there are the following three 
kinds as an approach of embedding Session ID at a response. 

[0061] a. It is [External Character 2] to the link in generated HTML using the 
parameter of approach b.URL which stores Session ID in Cookie by the HTTP header 
using Set-Cookie. 

http : //gateway/data. cgi?SID=aaaa0000 

** -- approach c. which embeds Session ID like The approach of generating the page 
which included the hidden parameter in the INPUT tag, next the processing whose 
terminal 101 acquires data after a log in are explained. 

(5) If the data acquisition demand 305 log-in response 304 is received, a user will choose 
the processing performed to a degree and the data acquisition demand 305 will be 
outputted to a network 102 from a terminal. 



18 



[0062] The field configuration of this data acquisition demand 305 is shown in drawing 
7. 

[0063] In drawing 7, 701 is a demand parameter which shows that this demand is a 
data acquisition demand, the data for acquisition, etc. 702 is Session ID. That by which 
Session ID is contained in the log in response 304 is used as it is. A terminal 101 outputs 
the number stored in the log in response 304 to repeating installation 103 as a session 
ID at this time as it is. In on WWW, it changes with three above-mentioned approaches, 
but Session ID is stored in a data acquisition demand as it is the following. 

a. When Cookie is used, it is specified with the Cookie attribute in a HTTP header. 

b. When stored in a link, it is contained in the query character string contained in URL. 
[0064] (Outside 2) 

c. When form is used, Session ID is stored in the attribute specified by the log in 
response within the header of HTTP. 

(6) If the data acquisition demand 305 is inputted from a network 102, data demand 306 
repeating installation 103 will perform processing of the following [ the interior ], and 
will output the data demand 306. 

(6-1) The data acquisition demand 305 is first inputted into the terminal means of 
communications 201 within the repeating-installation control means 106. (501) When 
the demand parameter 2101 is a data acquisition demand (502), the session information 
management means 202 within the repeating-installation control means 106 
investigates whether the session ID in the data acquisition demand 305 is stored in the 
session information storing means 107 (511), and if data are effective (512), it will 
acquire DB access means (6 2). (514) In this case, since data are storable, the session 
information management means 202 acquires DB access means 109 corresponding to 
Session ID from the login information field 604 of the session information storing means 
107 after a data addition. If Session ID is not stored in the session information storing 
means 107, it terminates abnormally. (513) DB demand implementation means 204 
within the repeating-installation control means 106 generates the data demand 306 
which requires desired data from DB104 using DB access means 109 (6"3). (515) The DB 
means of communications 110 outputs the data demand 306 to DB104 (6-4). (515) 
Perform waiting for a response until data are inputted after that. (516) Although DB 
access means was acquired from the response by performing DB log in demand to the 
1st log in demand by the above processing, in order to acquire DB access means from a 
session information storing means to the data acquisition demand of the 2nd henceforth, 
DB log in demand is excluded, a part for the communication link between repeating 
installation and DB not to occur [ the direction of the time amount which a session 
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information storing means generally takes from the processing time of a log in demand - 
log in response ] ■■ since the log in processing in DB can be excluded while being able to 
expect improvement in a speed of response, since it is short, the load of DB is also 
mitigable. 

(7) If the data demand 306 is inputted, DB data 307DB104 will search the data 
corresponding to a demand, and will output them to repeating installation 103 by using 
the result as the DB data 307. 

(8) If the data acquisition response 308DB data 307 are inputted into repeating 
installation 103, processing of the following [ the interior of repeating installation 103 ] 
will be performed, and the data acquisition response 308 will be outputted to a terminal 
101 by network 102 course. 

(8"l) The DB data 307 are inputted into the DB means of communications 110. (517) It 
becomes the processing within the repeating-installation control means 106 from here 
(8-2). DB demand implementation means 204 passes data to the terminal response 
generation means 203. 

(8-3) The terminal response generation means 203 generates the data acquisition 
response 304 from Session ID and the acquired data, and the terminal means of 
communications 201 outputs the data acquisition response 304 to a network 102. (518) 
At this time, the data acquisition response response 304 is outputted including Session 
ID (aaaaOOOO) like drawing 7. 

[0065] In addition, although the case where the data of DB were referred to from a 
terminal in the gestalt of this operation was explained, even when performing other 
processings, such as control of a data addition and updating, starting, a halt, etc., etc., 
to DB, it can guess easily that the same session management device is applicable. In 
addition, when performing the data demand to DB from repeating installation in the 
gestalt of this operation, only DB access means was used, but in case DB is accessed, 
when a login ID, a password, etc. are required, it can also guess easily that repeating 
installation can acquire the data of DB by adding those fields to a data demand suitably. 
[0066] In addition, although the field of various demands was described in the gestalt of 
this operation, even if the sequence of this changes, it can guess easily that the same 
function is realizable. 

[0067] DB access means acquired by performing the log in to DB with the gestalt of this 
operation as mentioned above, by storing in a session information management means 
Even when a batch starts for every demand, a load is expensive for DB and it can make 
it possible to shorten time amount when time amount also reduces this count of a log in, 
until it outputs a demand from the stability and the terminal of DB and a response 
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comes on the contrary. 

[0068] (Gestalt 2 of operation) The gestalt of operation of the 2nd of this invention is 
explained hereafter. 

[0069] With the gestalt 2 of this operation, it differs from the gestalt 1 of operation in 
the repeating installation of the gestalt 1 of operation in that a WWW demand 
processing means to perform processing to a demand, and a WWW demand processing 
means starting means to start a WWW demand processing means were established. 
[0070] Drawing 4 which shows the field configuration of a sequence diagram 3 or a 
communication message in the gestalt 2 of this operation - drawing 7 are the same as 
the gestalt 1 of operation. 

[0071] Drawing 8 shows the configuration of the gestalt 2 of this operation, and 
corresponds to 101-105 of drawing 1 of the gestalt 1 of operation to 801-805 in drawing 8. 
[0072] Drawing 9 shows the configuration of repeating installation 803, and 901 is 
terminal means of communications which performs the communication fink with a 
terminal. The terminal means of communications 901 corresponds to the terminal 
means of communications 201 of the gestalt 1 of operation. 902 is a session information 
storing means to store the information about a session. The session information storing 
means 902 is equivalent to the session information storing means 107 of the gestalt 1 of 
operation. 903 is a WWW demand processing means to process repeating installation to 
a demand of a terminal. A WWW demand processing means is started for every demand, 
and after the processing to a demand is completed, it is extinguished. Either a process 
or a thread can mount a WWW demand processing means. 

[0073] In the WWW server which serves as repeating installation in a WW-DB 
cooperation system, the response time to each demand may be shortened by starting a 
WWW demand processing means like a process or a thread to each processing, and 
performing processing to two or more demands to coincidence. For example, in ASP of 
IIS of U.S. Microsoft, it is possible to generate a WWW page dynamically for the thread 
to perform [ when not carrying out session management, a thread starts for every 
demand, and ] processing of a script or a template. There is a thing with the same device 
as other WWW servers. 

[0074] 904 is DB means of communications which performs the communication link 
with DB. The DB means of communications 904 corresponds to the DB means of 
communications 110 of the gestalt 1 of operation. 905 is a WWW demand processing 
means starting means to start a WWW demand processing means. 
[0075] With the gestalt of this operation, a WWW demand processing means starting 
means starts a WWW demand processing means, when a demand is inputted into 



21 



terminal means of communications. 

[0076] A means for 906 to 910 to perform processing within the WWW demand 
processing means 903 is shown. 906 is a log in means to perform processing which logs 
in to DB. The log in means 906 is equivalent to the log in means 108 of the gestalt 1 of 
operation. 907 is a DB access means to manage the connection condition (session) to DB. 
DB access means 907 is equivalent to DB access means 109 of the gestalt 1 of operation. 
Moreover, when DB access means 907 is in the interior of a WWW demand processing 
means like the gestalt of this operation, DB access means 907 is canceled at the same 
time the WWW demand processing means 903 is extinguished. The terminal response 
generation means of 908 is equivalent to the terminal response generation means 203 of 
the gestalt 1 of operation, and is changed into the format that terminals, such as HTML, 
can interpret the information inputted from DB. DB demand implementation means of 
909 is equivalent to DB demand implementation means 110 of the gestalt 1 of operation, 
changes the data acquisition demand from a terminal into the demand on the session of 
DB shown with DB access means, and acquires data from DB using the DB means of 
communications 904. The session information management means of 910 is equivalent 
to the session information management means 107 of the gestalt 1 of operation, and 
manages the information on a session. 

[0077] The flow chart which shows the processing of repeating installation 803 to the 
demand in the gestalt of this operation is shown in drawing 10. The differences between 
drawing 10 and drawing 5 of the gestalt 1 of operation are WWW demand processing 
means starting of 1002, and WWW demand processing means disappearance of 1020. 
[0078] Hereafter, the difference between processing of the gestalt of this operation and 
the gestalt 1 of operation is explained using drawing 3. First, the processing at the time 
of a log in is explained. 

[0079] If it removes that there is processing performed inside a WWW demand 
processing means with the gestalt of this operation, a great portion of processing is the 
same as the gestalt 1 of operation. Moreover, the inside of the parenthesis after this 
shows the number of the flow chart of drawing 10. 

[0080] Repeating installation 803 outputs DB log in demand 302 to DB804 to the log in 
demand 301 of a terminal, the log in demand 301 inputs into the terminal means of 
communications 901 at this time -- having (1001) - the WWW demand processing 
means starting means 905 starts the WWW demand processing means 903. (1002) 
Processing (1003-1005) until it generates DB log in demand 302 after it and outputs to 
DB804 is the same as the gestalt 1 of operation. 

[0081] On the other hand, DB outputs DB log in response 303 to repeating installation 
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803, and repeating installation 803 outputs the log in response 304 to a terminal 801. 
The processing to the response reception 1006 at this time - log in response generation 
and transmission 1011 is the same as the gestalt 1 of operation. Since all processings to 
the original log in demand 301 are completed after the processing so far is completed, a 
WWW demand processing means is extinguished (1020). Therefore, DB access means 
907 within the WWW demand processing means 903 is also canceled. However, in the 
case of the gestalt of this operation, it is processing of the intermediate session 
information storing 1009. Since DB access means 907 is shunted for the session 
information storing means 902, Since DB access means 907 is stored in the session 
information storing means 902 also when a batch 903 is extinguished to processing 
termination and DB access means 907 of the WWW demand processing means 903 
interior is canceled by coincidence Connection can be maintained and reuse is possible 
by acquiring from the session information storing means 902 like the after-mentioned. 
[0082] Next, the processing whose terminal 801 acquires data after a log in is explained. 
[0083] In this case, a terminal 801 outputs the data acquisition demand 305 to 
repeating installation 803. On the other hand, in repeating installation 803, when the 
data acquisition demand 305 is inputted into the terminal means of communications 
201, the WWW demand processing means starting means 905 starts the WWW demand 
processing means 903. Subsequent processing is performed in the WWW demand 
processing means 903 interior. When the demand parameter 2101 is a data acquisition 
demand (1003), the session information management means 202 investigates whether 
the session ID in the data acquisition demand 305 is stored in the session information 
storing means 107 (1012), and if data are effective (1013), it will acquire DB access 
means. (1015) In this case, since data are storable, the session information management 
means 202 acquires DB access means 109 corresponding to Session ID from the login 
information field 604 of the session information storing means 107 after a data addition. 
Repeating installation 803 generates and outputs the data demand 306 like the gestalt 
1 of operation using this DB access means 109. (1016 1017) Processing (1018 1019) until 
the DB data 307 from DB804 are inputted into repeating installation 803 to the data 
demand 306 and repeating installation 803 outputs the data acquisition response 803 to 
a terminal 801 after that is the same as the gestalt 1 of operation. 

[0084] Although DB access means was acquired from the response by performing DB log 
in demand to the 1st log in demand by the above processing like the gestalt 1 of 
operation, in order to acquire DB access means from a session information storing 
means to the data acquisition demand of the 2nd henceforth, DB log in demand is 
excluded, a part for the communication link between repeating installation and DB not 
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to occur [ the direction of the time amount which a session information storing means 
generally takes from the processing time of a log in demand ■ log in response ] - since 
the log in processing in DB can be excluded while being able to expect improvement in a 
speed of response, since it is short, the load of DB is also mitigable. 
[0085] Moreover, since a batch and DB access means are extinguished after response 
sending out to a demand when a WWW demand processing means is started for every 
demand Although DB access means is unacquirable from the interior of repeating 
installation next time at the time of access, with the gestalt of this operation, DB access 
means by shunting besides a batch It makes it possible to acquire a DB access means by 
which it shunted again, and to perform access to DB without a log in at the time of next 
access belonging to the same session. 

[0086] In addition, although the case where a WWW demand processing means was 
started for every demand in the gestalt of this operation was shown, even when this 
starts for every session, it can guess easily that the same function is realizable by using 
the same session management device as the gestalt of this operation. Moreover, even 
when not taking a WWW demand processing means into consideration, it can guess 
easily that the same function is also realizable by using the same session management 
device. 

[0087] (Gestalt 3 of operation) The gestalt of operation of the 3rd of this invention is 
explained hereafter. 

[0088] The block diagram showing the configuration of the gestalt of this operation is 
the same as drawing 8 of the gestalt of the 2nd operation - drawing 9. 
[0089] Drawing 11 is the sequence diagram showing the gestalt of this operation. In the 
gestalt 3 of this operation, it shall log in by the approach which User ccccc already 
showed to the gestalt 1 of operation, and Users aaaaa, bbbbb, and ccccc shall log in to 
repeating installation. Hereafter, actuation of the gestalt of this operation is explained 
using drawing 11 - drawing 13. 

(1) If the user ccccc who has a session IDcccc2222 in the log out demand 1101 beginning 
operates a log out at a terminal 801, the log out demand 1101 will be outputted to a 
network 802 to repeating installation 803. The field configuration of this log out demand 
1101 is shown in drawing 12. 

[0090] In drawing 12, 1201 is a demand parameter. In this case, the identifier which 
shows that this demand is a log out demand is contained in a demand parameter. In 
addition, the log in demand and the data acquisition demand may be included in 
coincidence. 1202 is the session ID for identifying a session. 

(2) If the log out demand 1101 is inputted into repeating installation 803 from DB log 
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out demand 1102 network 802, processing of the following [ the interior of repeating 
installation 803 ] will be performed, and DB log out demand 1102 will be outputted. 
Processing of repeating installation 803 is shown below. 

(2"l) The log out demand 1101 of a session IDcccc2222 is inputted into the terminal 
means of communications 901. The WWW demand processing means 903 is started at 
this time. 

(2-2) When the demand parameter 401 is the log out demand 1101, the session 
information management means 910 starts log out processing. For the session 
information management means 910, the session IDcccc2222 in the log out demand 
1101 is session information. It investigates whether it is stored in the storing means 902, 
and if data are effective, DB access means will be acquired. 

(2-3) DB demand implementation means 909 generates DB log out demand 1102 using 
DB access means 907. 

(2-4) The DB means of communications 904 outputs DB log out demand 1102 to DB804. 

(3) If the DB log out response 1103DB log out demand 1103 is inputted, DB804 will 
process a log out and will return DB log out response 1103 to repeating installation 803 
after processing termination. 

(4) If DB log out response 1104 from DB804 returns, log out response 1104 repeating 
installation 803 will perform processing of the following [ the interior ], and will output 
the log out response 1104 to a network 802. 

(4-1) DB log out response 1104 is inputted into the DB means of communications 904. 
(4-2) Direct to delete the session information on the session IDcccc2222 which 
corresponds to DB log out response 1104 with DB demand implementation means 909. 
(4-3) The session information management means 910 is ** from the session 
information storing means 902 about the group of a DB access means 907 to find the 
session ID told by DB demand implementation means 909 from the session information 
storing means 902, and to correspond with the session ID. ** is carried out. 
[0091] It is drawing 13 which indicated deletion to be the configuration of the session 
information storing means 902 at this time. 1301 and the table which consists of 1302 
are in the condition before deletion, the session by Users' aaaaa, bbbbb, and ccccc 
trinominal exists, and it is shown that the session ID of aaaaOOOO, bbbbllll, and 
cccc2222 is given, respectively. Although the data in which a connection condition is 
shown were originally contained since DB access means was stored in login information, 
it was described as aaaaa for convenience here. 

[0092] Although the case where a session corresponded 1 to 1 time with a user was 
shown here, in the gestalt of this operation, there may be two or more sessions to a user. 
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ceccc logs out of 1303 and the table which consists of 1304, and the configuration of the 
session information storing means 902 after deleting the session information is shown. 
In drawing 13, 1301 is the session ID which distinguishes the session of a terminal and 
DB. 1302 is login information which stores DB access means. 

[0093] Here, a log out of User ccccc deletes the part corresponding to the session 
information management means 910 session ID (cccc2222) from the session information 
storing means 902. This condition is shown by 1303 and 1304. 

(4-4) The terminal response generation means 908 generates the log out response 1104, 
and outputs the log out response 1104 to a network 802 using the terminal means of 
communications 901. After processing termination, the WWW demand processing 
means 903 is ended and DB access means 907 is also canceled. Log out processing is 
completed above. 

(5) Explain processing when the data acquisition demand 1105 which has the deleted 
session ID after the data acquisition demand 1105 log out after a log out is outputted. 
For example, such a demand may be performed, when the page displayed before is seen 
using the function displayed again by the WWW browser after a log out after logging 
out of the screen in session activation. The data acquisition demand 1105 is outputted to 
a network 802 from a terminal. The field of the data acquisition demand 1105 is the 
same as the data acquisition demand 305 of the gestalt 1 of operation. 

(6) If the data acquisition demand 1105 is inputted from a network 802, error response 
1106 repeating installation 803 will perform processing of the following [ the interior ], 
and will output the error response 1106. 

(6-1) The data acquisition demand 1105 is first inputted into the terminal means of 
communications 901. 

(6-2) In a data acquisition demand, the session information management means 910 
investigates whether the session ID in the data acquisition demand 1105 is stored in the 
session information storing means 902. In this case, since the data currently looked for 
do not exist, retrieval goes wrong. 

(6- 3) When retrieval goes wrong, the error response 1106 is generated by the ter min al 
response generation means 908. The screen which requires an error screen or a log in as 
a screen of the error response 1106 can be considered. 

(6 4) The terminal means of communications 901 sends out the error response 1106 to a 
terminal 801. 

[0094] As mentioned above, since a log in becomes impossible only by the session 
number after reduction of the storage capacity of a session information storing means, 
or a log out by deleting the session information to which DB demand implementation 
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means of repeating installation corresponds according to a log out response from a 
session information storing means with the gestalt of this operation, it becomes possible 
to prevent other malicious users referring to the information for which access in DB is 
improper, or adding and updating. 

[0095] (Gestalt 4 of operation) The gestalt of operation of the 4th of this invention is 
explained hereafter. 

[0096] The block diagram showing the configuration of the gestalt of this operation is 
shown in drawing 14. 

[0097] In drawing 14, 1401-1405 are the same even as 801-805 of the gestalt 2 of 
operation. However, the terminal a 1401 is the same as a terminal 801. The terminal 
bl406 is connected to the network 1402 in drawing 14. The terminal bl406 is the same 
as the terminal 801 of the gestalt 2 of operation. 

[0098] In addition, in the gestalt of this operation, it is difference with the gestalt of the 
1st operation to have added the field of a login ID to the session information storing 
means 902 and the log in demand. 

[0099] Hereafter, actuation of the gestalt of this operation is explained using drawing 15 
and drawing 16. 

[0100] Drawing 15 is the sequence diagram showing actuation of the gestalt of this 
operation. 

[0101] The user aaaaa of Terminal a logs in first. The processing to the 1501-1504 here 
is the same even as 801-804 of the gestalt 1 of operation, if it removes that the contents 
of the data which perform registration etc. are different. However, the configuration of a 
session information storing means becomes like drawing 16 in this case, and the user 
aaaaa who performed the log in demand is registered. 

[0102] In drawing 16, a session ID 1601 and login information 1602 are the same as 601 
and 602 respectively. 1603 is a login ID. 

[0103] Next, Terminal b logs in using the same login ID aaaaa. 

[0104] At this time, directions of the log in of login ID aaaaa of the user of Terminal b 
output the log in demand 1505 to a network 1402. If this log in demand 1505 is inputted 
from a network to repeating installation 1403, repeating installation 1403 will perform 
processing of the following [ the interior ], and will output the abnormality response 
1506 in a log in to Terminal b by network 1402 course. 

(6-1) The log in demand 1505 is first inputted into the terminal means of 
communications 901. 

(6-2) As for the session information management means 910, the login ID in the log in 
demand 1505 investigates whether it is stored in the session information storing means 
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902. In this case, since the data currently looked for exist, retrieval is successful. 
(6-3) When retrieval is successful, the abnormality response 1506 in a log in is 
generated by the terminal response generation means 908. The screen which requires 
an error screen or a log in as a screen of the abnormality response 1506 in a log in can be 
considered. 

(6-4) The terminal means of communications 901 sends out the abnormality response 
1506 in a log in to a terminal b 1406. Since the screen is displayed that a terminal bl406 
receives the abnormality response 1506 in a log in, the user of Terminal b can also know 
that. 

[0105] In addition, if a login ID is included in the data acquisition demand during a 
session etc. when the login ID is held in this way at the session information storing 
means, whenever a demand is performed, even if it can take correspondence of a login 
ID and Session ID and other users use the same session ID, accessing, since a login ID 
is different will become impossible. 

[0106] As mentioned above, with the gestalt of this operation, by storing a login ID in 
the session information storing means of repeating installation, and checking a login ID 
at the time of a log in, while a certain user uses, other users can log in by the same login 
ID, and it can prevent accessing data, and the improvement effectiveness of security is 
acquired. 

[0107] (Gestalt 5 of operation) The gestalt of operation of the 5th of this invention is 
explained hereafter. Although the whole gestalt configuration of this operation is the 
same as drawing 9 which shows the configuration of the gestalt 2 of operation, the 
configuration of repeating installation 803 changes. 

[0108] The configuration of the repeating installation 803 in the gestalt 4 of the 
operation to drawing 17 is shown. 

[0109] In drawing 17, 1701-1710 are the same even as 901-910 of the gestalt 2 of 
operation respectively. 1711 is a timer means to start the processing set up when the 
timer was managed and timer time of day came. 

[0110] Actuation of the gestalt of this operation is shown using drawing 19 which shows 
hereafter the data configuration of drawing 18 and the session information storing 
means 1702 which shows a sequence. 

(l) log in processing (1801-1804) " if a user directs a log in from a terminal 801 first, the 
log in demand 1801 will be outputted to a network 802 from a terminal 801. If the log in 
demand 1801 is inputted from a network to repeating installation 803, inside repeating 
installation 803, the following processings will be performed and the log in response 
1804 will be outputted. Although the sequence of DB log in demand 1802 and DB log in 
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response 1803 happens like the gestalt 2 of operation the middle, since these are the 
same as the thing of the gestalt 2 of operation, they omit explanation, 
(l-l) The log in demand 1801 is inputted into the terminal means of communications 
901. Then, repeating installation 803 performs the same processing as the gestalt 2 of 
operation, and outputs DB log in demand 1802. On the other hand, DB804 performs log 
in processing and outputs DB log in response 1803 to repeating installation 803. 
(1-2) When the result it was reported by the log in means 906 at this time that the 
session information management means 910 was is O.K., generate Session ID and store 
the group of Session ID and DB access means 907 in the session information storing 
means 902 out of the WWW demand processing means 903. 

[0111] It is drawing 19 which showed the configuration of the session information 
storing means 902 in the gestalt 4 of this operation. As for 1901, Session ID and 1902 
are login IDs, and these are the same as the gestalt 2 of operation. On the other hand, 
1903 is the field which stores log in time of day. In the table of drawing 19, the session 
by Users' aaaaa, bbbbb, and ccccc trinominal exists, and it is shown that the session 1 D 
of aaaaOOOO, bbbbllll, and cccc2222 is given, respectively. Although the data in which a 
connection condition is shown were originally contained since DB access means 907 was 
stored in login information, the login ID described like aaaaa for convenience here. 
[0112] Here, if User aaaaa logs in, like the gestalt 2 of operation, the session 
information management means 910 will generate Session ID (aaaaOOOO) using a 
random number etc., will match it with a user's login ID, and will store in the session 
information storing means 902. And the time of day at this time is acquired, and this 
time of day is stored in the field of the log in time of day corresponding to Session ID. 
(1-3) Performing subsequent processing like the gestalt 2 of operation, repeating 
installation 803 outputs the log in response 1804 to a terminal 801. 
[0113] In addition, when storing and sending out the time of day which carries out a 
time-out to this log in response and advancing a demand by the terminal side after this 
time of day, it is also possible for the user by the side of a terminal to be shown that it is 
an impossible demand by performing re-log in processing and processing which outputs 
an error to a terminal. 

(2) After timer setting 1805 log-in processing finishes, only the time-out time amount 
set up in a certain form from the present time of day starts a timer behind, and the 
session information management means 1710 sets up the timer means 1711 so that 
processing from which the session information on a session IDaaaaOOOO is deleted may 
be performed. The value of one piece is used by the whole system, or it sets up for every 
user and time-out time amount can also be acquired from DB. In this case, the log in 
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time of day 13:00 and time-out time amount show the example of 2 hours. Then, access 
1806 is performed from a terminal 801 to repeating installation 803. 

(3) Only time-out time amount is formed from timer appearance 1807 log in, and if the 
time of day (in this case, 15:00) set up by the timer setup 1805 comes, the timer means 
1711 will start a session information management means, and will start deletion of the 
session information on an applicable timer. If the session information management 
means 1710 is started, it will start deletion of the session information on a session 
IDaaaaOOOO. Thereby, as shown in the table shown in 1904, 1905, and 1906, the session 
information on a session IDaaaaOOOO will be deleted by the data within the session 
information storing means 902. 

(4) A user's selection of the processing which acquires data outputs the data acquisition 
demand 1808 to a network 802 from a terminal after data acquisition demand 1808 
timer time-of-day arrival. 

(5) Since error response 1809 repeating installation 803 does not have data of the 
session ID of relevance into the session information storing means 902 when the data 
acquisition demand 1808 is inputted from a network 802, perform the same processing 
as the case where the data acquisition demand 1105 of the gestalt 3 of operation is 
received inside, and output the error response 1809. 

[0114] In addition, when a timer means is used and timer time of day comes in the 
gestalt of this operation, a timer means starts a session information management 
means, an applicable session is made to delete, but when access from a user is 
performed in this, a similar function can be realized by performing processing which 
deletes all the things that have passed over timer time of day among the data of a 
session information storing means. In order that the script on WWW may usually start 
actuation by the demand from a terminal, the effectiveness that mounting becomes easy 
is also acquired by this approach. 

[0115] Moreover, it is also possible to restrict only to the session of the user who 
accessed the data of a session information storing means to delete at the time of access. 
Since the throughput of this in every time decreases compared with the 
above-mentioned processing, the effectiveness which carries out a response early is 
acquired. 

[0116] In addition, although only time-out time amount made starting time of day of a 
timer next time of day from log in time of day with the gestalt of this operation, it can 
guess easily that the same effectiveness is acquired also by starting a timer periodically. 
[0117] In addition, in the gestalt of this operation, although the error screen was 
returned to the terminal when the demand after a time-out came, a log in 
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authentication screen is sent once again about this, and the same effectiveness is 
acquired also by making it log in. 

[0118] In addition, although it measured from log in time of day in the gestalt of this 
operation and time-out time of day was determined, similar effectiveness is acquired 
also by making this starting point of reckoning into the last access time of day. This 
function is realizable by rewriting the field about the time of day of a session 
information management means, whenever access is performed from a user. 
[0119] In addition, although log in time of day was stored in the session information 
storing means in the gestalt of this operation, it can guess easily that the effectiveness 
same also as time of day that a time-out generates this is acquired. 
[0120] As mentioned above, the effectiveness which restricts the time amount at the 
time of unlawful access being performed, and lessens damage by spoofing is acquired by 
reducing the storage capacity of a session information storing means, and restricting 
the accessible time amount of one session by storing log in time of day in a session 
information storing means at the time of a log in, setting a timer as time-out time of day 
with the gestalt of this operation, starting a session information-management means, 
and making the session of relevance delete. 

[0121] (Gestalt 6 of operation) The gestalt of operation of the 5th of this invention is 
explained hereafter. 

[0122] The whole gestalt block diagram of this operation is the same as drawing 14 of 
the gestalt 4 of operation. 

[0123] Moreover, the internal configuration of repeating installation 1403 is the same as 
drawing 9 which shows the internal configuration of the repeating installation 803 of 
the gestalt 2 of operation. With the gestalt of this operation, it differs from the gestalt 2 
of operation in that the client identifier which identifies a terminal 1401 as shown later 
is stored in a log in demand, a data acquisition demand, and a session information 
storing means. 

[0124] Hereafter, actuation of the gestalt of this operation is explained using drawing 20 
- drawing 23. 

(l) If User baaaa operates a log in at a terminal 1401 to the log in demand 2001 
beginning, the log in demand 2001 will be outputted to a network 1402 to repeating 
installation. 

[0125] The field configuration of this log in demand 2001 is shown in drawing 21. 
[0126] In drawing 21, the field configuration of a demand of 2101-2103 is the same even 
as 401-403 of the field block diagram 4 of the log in demand 301 of the gestalt 1 of 
operation. 2104 is a client identifier. As a client identifier, an IP address, a port number, 
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a machine name, a domain name, the telephone number, etc. can be used. 
[0127] When using HTTP, you may include as an attribute of HTTP. In addition, since a 
terminal can acquire an IP address with repeating installation 1403 even if that does 
not have the field of the client identifier 2104 at a network to reachable when a network 
is IP network, implementation of the gestalt of this operation is possible also for a 
configuration without 2104. 

(2) If the log in demand 2001 is inputted from a network to DB log in demand 2002 - log 
in response 2004 repeating installation 1403, inside repeating installation 1403, log in 
processing of the gestalt 2 of operation and same processing will be performed, and the 
log in response 2004 will be outputted. 

[0128] At this time, the configuration of the session information storing means 902 is 
shown in drawing 22. 

[0129] In drawing 22, 2201 and 2202 are Session ID and login information, respectively, 
and are the same as the thing of the gestalt 2 of operation. In addition, with the gestalt 
of this operation, the client identifier 2203 and a login ID 2204 are stored. In this case, 
supposing User aaaaa has a terminal a 1401 and a terminal bl406, aaaaa of the 
maximum upper case of drawing 22 and the information on Terminal a are first stored 
in the session information storing means 902. 

(3) Shortly [ log in dema nd 2005 ] , User aaaaa is a terminal b 1406 and logs in similarly. 
Then, the log in demand 2005 is outputted to repeating installation 1403. 

(4) If the log in demand 2005 is inputted into repeating installation 1403 from log hi 
response 2006 network 1402, processing of the following [ the interior of repeating 
installation 1403 ] will be performed, and the log in response 2006 will be outputted to a 
terminal 1401. 

(4-1) The log in demand 2005 is inputted into the terminal means of communications 

901. The WWW demand processing means 903 is started at this time. 

(4-2) With the demand parameter 401, when a demand is the log in demand 2005, the 

session information management means 910 starts log in processing. 

(4-3) The session information management means 910 searches the data of the same 

login ID. Since there are already data of the log in from a terminal al401 at this time, 

retrieval is successful. Moreover, since the thing of the data with which the client 

identifier was searched is differed from, at this time, the session information 

management means 910 generates Session ID newly (in this case, cccc2222), and copies 

and stores the login information of the data searched at that session ID. A login ID and 

a client identifier are stored similarly. 

(4-4) The terminal response generation means 908 generates the log in response 2006, 
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and the terminal means of communications 901 outputs the log in response 2006 to a 
terminal b 1406. 

(5) Explain the processing when giving a log in demand to the re-log in demand 2007 
and the 2008th re-log in response again. The re-log in demand 2007 is completely the 
same as the log in demand 2005. At this time, processing to the log in demand 2005 and 
same processing are performed with repeating installation 1403. However, the data 
which the session information management means 910 searched in this case, and the 
response which the new session ID is not generated between the re-log in demands 2007 
since both client identifier is the same as a login ID, but contains the existing session ID 
are outputted from repeating installation 1403 as a re-log in response. 

[0130] In addition, it is also possible to return abnormalities to a re -log in demand. 

(6) Explain the processing at the time of performing a data acquisition demand using 
the session ID of the terminal which is different in the data acquisition demand 2009 
and the 2010th error response. 

[0131] The field configuration of a data acquisition demand here is shown in drawing 23. 
[0132] In drawing 23, the demand parameter 2301 and the session ID 2302 are the 
same as 701,702 in the field block diagram 7 of the data acquisition demand in the 
gestalt 2 of operation respectively. 2303 is a client identifier which shows the 
identification information of a terminal. 

[0133] First, when the session IDcccc2222 is assigned to the terminal b 1402, in the data 
acquisition demand 2009, the data acquisition demand 2009 is performed using the 
session IDaaaaOOOO of a terminal al401. On the other hand, repeating installation 1403 
performs processing of the following [ the interior ], and returns the error response 2010. 
(6-1) The data acquisition demand 2009 is first inputted into the terminal means of 
communications 901. At this time, the address of Terminal b is contained in aaaaOOOO 
and a client identifier at Session ID. 

(6-2) In a data acquisition demand, the session information management means 910 
investigates whether the session ID in the data acquisition demand 2009 is stored in the 
session information storing means 902. In this case, since the client identifier to the 
session IDaaaaOOOO of a demand becomes a thing to Terminal a, the thing of the client 
identifier of a demand is differed from. Therefore, retrieval goes wrong. 
(6-3) When retrieval goes wrong, the error response 2010 is generated by the terminal 
response generation means 908. The screen which requires an error screen or a log in as 
a screen of the error response 2010 can be considered. 

(6-4) The terminal means of communications 901 sends out the error response 2010 to a 
terminal 1401. 
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[0134] In addition, when the terminal uses WWW, a strict session can be managed with 
every terminal by storing the hysteresis of the demand URL from a terminal in a 
session information storing means. 

[0135] In addition, although the client identifier was exchanged by the plaintext with 
the gestalt of this operation, even when the same effectiveness is acquired and the 3rd 
person monitors a communication link further also by repeating installation's giving the 
device of encryption and a decryption, enciphering a client identifier, and 
communicating with a terminal, it can guess easily that the effectiveness that the 
identifier or the address of a terminal are not known immediately is acquired. 
[0136] As mentioned above, with the gestalt of this operation, by storing the identifier 
and the login ID of a terminal in a session information storing means from repeating 
installation, when discernment of a terminal be possible, and not performing log in 
processing to the user of the same login ID as compared with the client identifier of a log 
in demand at the time of a log in, while shortening the response time to the log in by the 
terminal after the 2nd piece, the effectiveness which can reduce the number of 
connection between repeating installation and DB be acquire. 

TO 137] Moreover, when the same user logs in from the same terminal, while preventing 
a double log in by not generating a session, it becomes possible to make small storage 
capacity which a session information management means takes. 

[0138] Moreover, by comparing a client identifier in the case of a data acquisition 
demand, when Session ID is used at another terminal, it becomes possible to return an 
error and the effectiveness that spoofing by another terminal can be prevented is 
acquired. 

[0139] (Gestalt 7 of operation) The gestalt of operation of the 7th of this invention is 
explained hereafter. 

[0140] The configuration of the gestalt of this operation is the same as the configuration 
of the gestalt 2 of operation. 

[0141] With the gestalt of this operation, in order to identify the demand within the 
session as shown later, after logging in, it differs from the gestalt 2 of operation in that 
the demand identifier given to a meaning is stored in a log in response, a data 
acquisition demand, a data acquisition response, and a session information storing 
means. 

[0142] Hereafter, actuation of the gestalt of this operation is explained using drawing 24 
• drawing 26. 

[0143] In drawing 24, although a round-head figure is on the line of repeating 
installation, this shows the demand identifier about the session of the terminal within 
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the session information storing means 902 in repeating installation 803. 
[0144] First, the processing to the log in demand 2401 - DB log in response 2403 is the 
same as processing to the log in demand 301 of the gestalt 2 of operation - DB log in 
response 303. 

(1) An input of the log in response 2404DB log in response 2403 performs the following 
processings inside repeating installation 803. 

(1-1) DB log in response 2403 is inputted into the DB means of communications 904. 
(1-2) Receive the notice of DB demand implementation means 909 having received DB 
log in response 2403 from the DB means of communications 904. 

(1-3) The session information management means 910 looks for the session information 
corresponding to the log in demand 2401 from the session information storing means 
902. Although it is made an error by double log in when found, when not found, session 
information is created and it stores in the session information storing means 902. 
[0145] This part is shown in the field block diagram 25 of the session information 
storing means 902. In this case, before the log in of aaaaa, Users bbbbb and ccccc log in 
and that condition is shown in 2501-2503. Both the Sessions ID and login information of 
2501 and 2502 are the same as 601,602 of the gestalt 1 of operation here. The demand 
identifier of 2503 is a character string given in order to identify respectively a series of 
demands within the same session. Although explained in the gestalt of this operation in 
the format which increases every [ 1 ] whenever it begins from 1 and a terminal 801 
performs the demand after session initiation, as long as it is the train of an alphabetic 
character or a notation which can identify the demand within a session, anything may 
be used like the linearity congruence expression for random number generation, or 
current time. 

[0146] Next, as for the session information storing means 902, a log in of User aaaaa 
increases the line of aaaaa like 2504-2506. At this time, the session ID aaaaOOOO and 
login information which were assigned about User aaaaa are stored in 2504 and 2505, 
respectively. Moreover, since it is the first demand at this time, 1 is stored in the 
demand identifier 2506. 

(1 _ 4) The terminal response generation means 908 generates a response from the data 
of DB demand implementation means 909, and outputs the log in response 2404 to a 
network 802 using the terminal means of communications 901. At this time, Session ID 
and the demand identifier (in this case, l) are stored in the log in response 2404. 
[0147] Next, the processing whose terminal 801 acquires data after a log in is explained. 

(2) If the log in response 2404 is received like the gestalt 2 of data acquisition demand 
2405 operation, a user will choose the processing performed to a degree and the data 
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acquisition demand 2405 will be outputted to a network 802 from a terminal. The field 
configuration of this data acquisition demand 2405 is shown in drawing 26. In drawing 
26, the demand parameter and Session ID of 2601 and 2602 are the same as 701,702 of 
the gestalt 2 of operation respectively. 2603 is a demand identifier which identifies the 
demand within a session. Both of 2601 and 2603 must use the value stored in the log in 
response 2504 among these. 

(3) If the data acquisition demand 2405 is inputted from a network 802, data demand 

2406 repeating installation 803 will perform processing of the following [ the interior ], 
and will output the data demand 2406. 

(3-1) The data acquisition demand 2405 is first inputted into the terminal means of 
communications 901. (1001) When the demand parameter 2101 is a data acquisition 
demand, if the session information management means 910 has the effective data 
acquisition demand 2405, it will acquire DB access means (3-2). At this time, the session 
ID in the data acquisition demand 2405 is stored in the session information storing 
means 902, and the session information management means 910 judges with the data 
acquisition demand 2405 being effective, only when the demand identifier 
corresponding to Session ID is still the same as the thing in the data acquisition 
demand 2405. In addition, if the count of the maximum access in one session was set up 
here and the demand identifier is over the count of the maximum access when making a 
demand identifier into the count of a demand in this way, the data acquisition demand 
2405 can be made into an invalid, and a terminal 801 can also be answered in an error. 
Acquisition of next DB access means 907 and the output of a data demand are the same 
as that of the gestalt 2 of operation. 

(4) The data demand 2406 - the data acquisition response 2408 data demand 2406, and 
data 2407 are the same as that of the gestalt 2 of operation. In the processing after data 

2407 were inputted into DB means of communications, processing of the session 
information management means 910 differs from the gestalt 2 of operation. 

[0148] In the gestalt of this operation, after receiving data 2406, 1 **** of the demand 
identifiers of the applicable data within the session information storing means 902 is 
carried out, and the session information management means 910 stores them. 
[0149] Even 2504-2509 of drawing 25 are explained using this. Before, as for 2504-2506, 
the data acquisition demand 2405 is inputted, 2507-2509 are data of the session 
information storing means 902 after the output of the data acquisition response 2408. 
In this case, since aaaaa performs the data acquisition demand 2405 and session ID 
aaaaOOOO is stored in this, the demand identifier corresponding to a session ID 
aaaaOOOO increases one time. Therefore, what was 1 in 2506 is set to 2 by 2509. 
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(5) Although the terminal suits the 2nd data acquisition demand 2409 - Session's ID 
data acquisition error 2410 pan as the 2nd data acquisition demand 2409 next, the ease 
where the data acquisition demand from which a demand identifier is different is 
outputted is considered, and the response to this is shown. In this case, for a terminal, it 
is the right to store 2 in a demand identifier in the 2nd data acquisition demand 2409, 
since the demand identifier 2 is received by the last response. However, since the 
demand identifier to the session IDaaaaOOOO within the session information storing 
means 902 is 2 and it differs from the demand identifier 1 in the 2nd data acquisition 
demand when the 2nd data acquisition demand 2409 is inputted into the terminal 
means of communications 901 and the session information management means 910 
compares Session ID and a demand identifier with the data within the session 
information storing means 902 in this case, the 2nd data acquisition demand 2402 goes 
wrong. Then, the terminal response generation means 908 generates the data 
acquisition error 2410, and outputs it to a terminal. 

[0150] Moreover, although Session ID and the demand identifier were independently- 
prepared with the gestalt of this operation By giving a demand identifier, without 
forming Session ID, so that it may become a meaning to the demand to repeating 
installation 803 To a log in response or a data acquisition response generate time, a 
demand identifier is generated for every response, this is stored in the session 
information storing means 902, and the terminal 801 which received this response 
further inputs into repeating installation 803 the demand which stored the demand 
identifier. It explains below as an example. 

[0151] It is shown that drawing 27 accessed time of day using the whole demand 
identifier for every demand. In this case, a login name, a password, and three kinds of 
data of a whole demand identifier are stored in a session information management 
means. In this case, the time of day which had the newest access as a whole demand 
identifier is used. In addition, also except the newest access time of day, as long as it is 
the character alphanumeric string which the demand to a server can identify uniquely, 
anything may be used for a whole demand identifier. 

[0152] Alog in is performed to DB804 like [ when a terminal 801 gives demand 1 (User 
A, Password A) to repeating installation 803 at time of day 11:30 ] the above-mentioned 
case. The session information management means 910 after that with the session 
information storing means 902 In the field of a login name in the field of "User A" and a 
password "Password A" Storing "11:30" of current time in the field of a whole demand 
identifier, the terminal response generation means 908 inputs the response 1 (whole 
demand identifier 11:30) containing a whole demand identifier into a terminal 801 
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through the terminal means of communications 901. By drawing 27, the information 
stored in the session information storing means 902 at this time is collectively described 
as "user A-passwordA-li:30." 

[0153] Next, since the whole demand identifier contained in response 1 is 11:30 when a 
user performs the demand included in response 1 at time of day 11:45, demand 2 (whole 
demand identifier 11:30) is inputted into repeating installation 803 from a terminal 801. 
Then, DB804 is accessed, the demand identifier within [ whole ] the session information 
storing means 802 is updated by 11 : 45, and repeating installation 803 will be in the 
condition that the login name:user A, the password password A, and whole demand 
identifier: 11:45 we re stored as a result. Then, response 2 (whole demand identifier 
11:45) is inputted into a terminal 801 through the terminal means of communications 
901. 

[0154] Then, suppose that the user performed the demand included in response 1 at 
time of day 12:00. For example, this displays the screen of response 1 with the carbon 
button "it returns" when a response is described by HTML, and the case where the link 
on that screen (this link contains a whole demand identifier) is clicked at time of day 
12:00 hits this. [ of the browser on a terminal 801 ] Then, the login-name :user A and 
password which were stored although the demand 2 (whole demand identifier 11:30) 
was inputted into repeating installation 802 from the terminal 801 in the response 1 
since the whole demand identifier was 11:30: Since the whole demand identifier 11:30 of 
Password A contained in the whole demand identifier 11:45 stored and demand of a 
match does not correspond, it inputs an error signal into a terminal 801. In this case, 
the session information storing means 902 is not updated. 

[0155] Since a whole demand identifier is 11:45 in response 2 on the other hand when a 
user performs the demand included in response 2 at time of day 12:00, demand 3 (whole 
demand identifier 11:45) is inputted into repeating installation 803. Since the whole 
demand identifier 11:45 stored in the session information storing means at this time 
and the demand identifier 11 ; 45 in [ whole ] demand 3 are in agreement, repeating 
installation 803 accesses DB804, and repeating installation 803 processes the response 
inputted from DB804, and it inputs response 3 (whole demand identifier 12:00) into 
repeating installation 803. 

[0156] Even if it acquires login information from a demand identifier and accesses DB 
by this, access using the carbon button "it returns" similarly can be forbidden. [ of a 
browser ] Since a demand identifier furthermore changes each time, it can guess easily 
that the effectiveness which becomes easy to prevent a malicious user's acquiring a 
formal user's demand identifier, and accessing unlawfully to the information for which 
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access in DB is improper is acquired. 

[0157] In addition, although it shall begin from 1 and a demand identifier shall be 
increased one time for every demand with the gestalt of this operation, even if repeating 
installation enciphers this and creates a response, it can guess easily that the same 
effectiveness is acquired. 

[0158] Moreover, even if it includes the time of day at the time of demand reception of 
repeating installation, or responded output etc. in a demand identifier, it can guess 
easily that the same effectiveness is acquired. 

[0159] As mentioned above, by storing the demand identifier uniquely given to the 
session information storing means 902 at the demand within a session with the gestalt 
of this operation, and exchanging a demand identifier by various demands and response 
Since acquisition of DB data cannot be performed unless the demand identifier is 
correct, even when a formal user's session ID is copied, it becomes possible to prevent 
other malicious users' copying Session ID and performing reference, addition, and 
renewal of the information for which access in DB is improper. 
[0160] 

[Effect of the Invention] By having had a session information storing means to store 
directly DB access means used when making connection between DB and repeating 
installation, and accessing [ 1st ] to DB in this invention after logging in to DB In case 
repeating installation processes the demand from the terminal belonging to a session, 
DB access means is acquired from a session information storing means. It becomes 
possible to access DB, without logging in in the case of the demand of the 2nd 
henceforth, and the effectiveness which shortens the response time and mitigates the 
load of DB is acquired. 

[0161] A WWW demand processing means starting means to start the thread which 
disappears after this invention processes [ 2nd ] every demand or session to repeating 
installation and processing is completed, By having had a session information storing 
means to store session information out of a thread Even if a thread is started for every 
session and every demand and DB access means inside a thread is discarded with 
thread abandonment When performing processing to the next demand, it becomes 
possible to access to DB, without logging in by acquiring DB access means from a 
session information storing means, and the effectiveness which shortens the response 
time and mitigates the load of DB is acquired. 

[0162] When a log out demand was inputted into repeating installation at repeating 
installation and the 3rd this invention was equipped with a session information 
management means to delete the same session information as the session ID of a log out 
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demand from a session storing means, the effectiveness which can reduce the storage 
capacity of a session information storing means is acquired. 

[0163] When there is session information which has the session ID which is in 
agreement with the thing in a log in demand when a log in demand is inputted [ 4th ] 
into repeating installation as a session information storing means store the session 
information containing a login ID, while being able to reduce the storage capacity of a 
session information storing means by outputting the error response of a double log in to 
a terminal, the effectiveness protect that an inaccurate user accesses is acquired from 
other terminals during access. 

[0164] A session information storing means to store the session information which 
contains [ 5th ] log in time of day in repeating installation, The session information 
which made current time log in time of day when a log in demand was inputted as a 
timer means to start the processing set up when setting time of day came is stored in a 
session information storing means. When a session information management means to 
set a timer as time out time of day was established, time-out time of day came and the 
timer means started the processing which deletes the session information on relevance 
from a session information storing means The storage capacity of a session information 
storing means is reduced, and while restricting the accessible time amount in one 
session, the Lime amount at the time of unlawful access being performed to repeating 
installation is restricted, and the effectiveness which lessens damage is acquired. 
[0165] A session information storing means to store the information containing the 
identifier and login ID of a terminal when discernment of repeating installation to a 
terminal is [ 6th ] possible, By having had a session information management means by 
which log in processing was not performed to the user of the same login ID as compared 
with the client identifier of a log in demand at the time of a log in While shortening the 
response time to the log in by the terminal after the 2nd piece, the effectiveness which 
can reduce the number of connection between repeating installation and DB is acquired. 
[0166] A session information storing means to make 7th correspond with Session ID by 
making into session information the demand identifier which is a character string for 
identifying the demand within a session to repeating installation, and to store, When a 
terminal outputs the processing demand containing Session ID and a demand identifier 
By comparing Session ID with both demand identifier, and having a session information 
management means to make DB access corresponding to a processing demand perform 
only when both are the same Even if a malicious user accesses unlawfully to repeating 
installation using the session ID which became an invalid, and a demand identifier by 
the processing demand of a time-out or consecutiveness, the effectiveness of beco min g 
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possible to prevent it is acquired. 



DESCRIPTION OF DRAWINGS 



[Brief Description of the Drawings] 

[Drawing l] The block diagram showing the whole configuration in the gestalt 1 of 
operation of this invention 

[Drawing 2] The block diagram showing the configuration of the repeating installation 
in the gestalt 1 of operation of this invention 

[Drawing 3] The sequence diagram showing actuation of the gestalt 1 of operation of 
this invention 

[Drawing 4] The field block diagram of the log in demand in the gestalt 1 of operation of 
this invention 

[Drawing 5] The flow Fig. showing processing of the WWW demand processing means in 
the gestalt 1 of operation of this invention 

[Drawing 6] The field block diagram of the session information storing means in the 
gestalt 1 of operation of this invention 

[Drawing 7] The field block diagram of the data acquisition demand in the gestalt 1 of 
operation of ibis invention 

[Drawing 8l The block diagram showing the whole configuration in the gestalt 2 of 
operation of this invention 

[Drawing 9l The block diagram showing the configuration of the repeating installation 
in the gestalt 2 of operation of this invention 

[Drawing 10] The flow Fig. showing processing of the WWW demand processing means 
in the gestalt 2 of operation of this invention 

[Drawing 111 The sequence diagram showing actuation of the gestalt 3 of operation of 
this invention 

[Drawing 12] The field block diagram of the log in demand in the gestalt 3 of operation 
of this invention 

[Drawing 13] The field block diagram of the session information storing means in the 
gestalt 3 of operation of this invention 

[Drawing 14] The block diagram showing the whole configuration in the gestalt 4 of 
operation of this invention 

[Drawing 15] The sequence diagram showing actuation of the gestalt 4 of operation of 
this invention 
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[Drawing 16] The field block diagram of the session information storing means m the 
gestalt 4 of operation of this invention 

[Drawing 17] The block diagram showing the configuration of the repeating installation 
in the gestalt 5 of operation of this invention 

[Drawing 18] The sequence diagram showing actuation of the gestalt 5 of operation of 
this invention 

[Drawing 19] The field block diagram of the session information storing means in the 
gestalt 5 of operation of this invention 

[Drawing 20] The sequence diagram showing actuation of the gestalt 6 of operation of 
this invention 

[Drawing 2l] The field block diagram of the log in demand in the gestalt 6 of operation 
of this invention 

[Drawing 22] The field block diagram of the session information storing means in the 
gestalt 6 of operation of this invention 

[Drawing 231 The field block diagram of the data acquisition demand in the gestalt 6 of 
operation of this invention 

[Drawing 24] The sequence diagram showing actuation of the gestalt 7 of operation of 
this invention 

[Drawing 25] The field block diagram of the session information storing means hi the 
gestalt 7 of operation of this invention 

[Drawing 26] The field block diagram of the data acquisition demand in the gestalt 7 of 
operation of this invention 

[Drawing 27] The data transition diagram within the session information storing means 
in the gestalt 7 of operation of this invention 

[Drawing 28] The block diagram showing the whole conventional example configuration 
[Drawing 29] The block diagram showing the internal configuration of the repeating 
installation in the conventional example 

[Drawing 30] The field block diagram showing the configuration of the session 
information storing means in the conventional example 
[Description of Notations] 

101 Terminal 

102 Network 

103 Repeating Installation 

104 DB 

105 Channel between Repeating Installation and DB 

106 Repeating-Installation Control Means 
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107 Session Information Storing Means 

108 Log in Means 

109 DB Access Means 

110 DB Means of Communications 

201 Terminal Means of Communications 

202 Session Information Management Means 

203 Terminal Response Generation Means 

204 DB Demand. Implementation Means 

301 Log in Demand 

302 DB Log in Demand 

303 DB Log in Response 

304 Log in Response 

305 Data Acquisition Demand 

306 Data Demand 

307 DB Data 

308 Data Acquisition Response 

401 Demand Parameter 

402 Login ID 

403 Password 

601 Session ID before Data Addition 

602 Login Information before Data Addition 

603 Session ID after Data Addition 

604 Login Information after Data Addition 

701 Demand Parameter 

702 Session ID 

801 Terminal 

802 Network 

803 Repeating Installation 

804 DB 

805 Channel between Repeating Installation and DB 

901 Terminal Means of Communications 

902 Session Information Storing Means 

903 WWW Demand Processing Means 

904 DB Means of Communications 

905 WWW Demand Processing Means Starting Means 

906 Log in Means 
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907 DB Access Means 

908 Terminal Response Generation Means 

909 DB Demand Implementation Means 

905 910 Session Information Management Means 

1101 Log Out Demand 

1102 DB Log Out Demand 

1103 DB Log Out Response 

1104 Log Out Response 

1105 Data Acquisition Demand 

1106 Error Response 

1201 Demand Parameter 

1202 Session ID 

1301 Session ID before Data Deletion 

1302 Login Information before Data Deletion 

1303 Session ID after Data Deletion 

1304 Login Information after Data Deletion 

1401 Terminal A 

1402 Network 

1403 Repeating Installation 

1404 DB 

1405 Channel between Repeating Installation and DB 

1406 Terminal B 

1501 Log in Demand 

1502 DB Log in Demand 

1503 DB Log in Response 

1504 Log in Response 

1505 Log in Demand 

1506 Abnormality Response in Log In 

1601 Session ID 

1602 Login Information 

1603 Login ID 

1701 Terminal Means of Communications 

1702 Session Information Storing Means 

1703 WWW Demand Processing Means 

1704 DB Means of Communications 

1705 WWW Demand Processing Means Starting Means 
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1706 Log in Means 

1707 DB Access Means 

1708 Terminal Response Generation Means 

1709 DB Demand Implementation Means 

1710 Session Information Management Means 

1711 Timer Means 

1801 Log in Demand 

1802 DB Log in Demand 

1803 DB Log in Response 

1804 Log in Response 

1805 Timer Setup 

1806 Access 

1807 Timer Appearance 

1808 Data Acquisition Demand 

1809 Error Response 

1901 Session ID 

1902 Login ID 

1903 Log in Time of Day 

2001 Log in Demand 

2002 DB Log in Demand 

2003 DB Log in Response 

2004 Log in Response 

2005 Log in Demand 

2006 Log in Response 

2007 Re -Log in Demand 

2008 Re-Log in Response 

2009 Data Acquisition Demand 

2010 Error Response 

2101 Demand Parameter 

2102 Login ID 

2103 Password 

2104 Client Identifier 

2201 Session ID 

2202 Login Information 

2203 Client Identifier 

2204 Login ID 
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2301 Demand Parameter 

2302 Session ID 

2303 Client Identifier 

2401 Log in Demand 

2402 DB Log in Demand 

2403 DB Log in Response 

2404 Log in Response 

2405 Data Acquisition Demand 

2406 Data Demand 

2407 DB Data 

2408 Data Acquisition Response 

2409 2nd Data Acquisition Demand 

2410 Data Acquisition Error 

2501 Session ID before Log In 

2502 Login Information before Log In 

2503 Demand Identifier before Log In 

2504 Session ID after Log In 

2505 Login Information after Log In 

2506 Demand Identifier after Log In 

2507 Session ID after Data Acquisition 

2508 Login Information after Data Acquisition 

2509 Demand Identifier after Data Acquisition 

2601 Demand Parameter 

2602 Session ID 

2603 Demand Identifier 

2701 Terminal 

2702 Network 

2703 Repeating Installation 

2704 DB 

2801 Terminal Means of Communications 

2802 Session Information Management Means 

2803 Log in Means 

2804 Session Information Storing Means 

2805 Terminal Response Generation Means 

2806 DB Demand Implementation Means 
2901 Session ID 
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2902 Login ID 

2903 Password 

2904 Connection Place 



* NOTICES * 

JPO and INPIT are not responsible for any 
damages caused by the use of this translation. 

l.This document has been translated by computer. So the translation may not reflect 
the original precisely. 

2 **** s ;h ows the word which can not be translated. 
3.1n the drawings, any words are not translated. 
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(6-1) Sf, ^ffi€^&901fcP?^^1505#A2l ■ 5. COSL ^Sg803£liffi©^i2fc^i©Mg 
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©fct, •b-y^H>'fflBta¥m9l0t^ ff L< -fey 5/ 
H>ID*4jSL(i:©#&ttcccc2222), ^©*>y->3 y 
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^scts-fe-y^B ywm^y>'3ywmmmm2 

mt a %ofr?tct§£& 2 In 94 ypX7-fct 
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il^2501~2503tC^-T o C C £2501 ,2502£D-fe-y y 3 yi 
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*»gimi:30) ^S*801^5*mS§802CAA?tl 
5*<, IBIfttnftn^V* : n^fA£/U7-F : 
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? -fex# a^ltff T § c t £ «t 0 n 94 yftfibf icm 

(Dmznmt%%%tfmrt%e 30 

[0 16 2] ^3t*MWi:«S«^ci^7^h^ 
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